4 matches found
CVE-2025-48489 FreeScout Vulnerable to Stored XSS
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient data validation and sanitization during data reception. This issue has been patched in version 1.8.180...
CVE-2025-48482 FreeScout Has Business Logic Errors
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill method, which processes fields such as channel and channelid. However, the fill method is called with all client-provided...
PT-2025-23173 · Apache +1 · Apache Web Server +1
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.179
Description: The issue concerns insufficient checking of files uploaded to the application, allowing files with phtml and phar extensions to be uploaded. This can lead to remote code execution if the Apache...
PT-2025-23256 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180
Description: The issue is caused by a lack of input validation and sanitization in both Session::flash and other areas, allowing user input to be executed without proper filtering. This results in a...